The Need to Rethink Personal Data Handling
Have you ever received an old-fashioned letter? I know, it seems archaic, but bear with me. It’s a great analogy. For us young readers (myself included), think of a letter like a physical email, sent to your address through the postal service.
Eventually, a mailman delivers it to you, and those mail slots on your door or mailbox by the road are the devices listening for new mail. Mail slots are fantastic because they allow letters into your house while keeping the postman out.
Now, imagine a world without mail slots. You’re lounging on your couch, just chillin’, when suddenly a wild mailman appears! He’s got a letter, but instead of slipping it into your trusty mail slot, he barges into your house and starts rummaging around like a raccoon in a dumpster.
In this scenario, the postman should do only one thing: enter your house, put down your letter, and leave. However, there’s a lot the postman could do. He could rearrange your furniture, grab a few of your possessions on the way out, or even forget to lock the door behind him.
Needless to say, this is a terrible system. We’d need all sorts of legal complexities and system checks to make it work even somewhat effectively. But here’s the kicker: we’ve essentially designed a lot of internet services this way! Online payments are one of them.
From Landlords to Service Providers
Let’s talk payments! You know the drill, right? You hand over your credit card information to a payment provider, who then plays middleman, making payments on your behalf whenever the service provider requests them.
If you ever want to stop paying, you have to go begging the service provider to stop taking your money. Additionally, it is horrible for privacy, as payment providers end up processing a lot of personal transaction data.
This is a lot different from, say, how you might be paying rent each month. You pay that directly to your landlord, right? Your landlord should then make sure you’ve made the correct payment each month and take actions based on this.
Imagine if online services worked in the same way. Instead of trusting private companies with your credit card details and putting up with all sorts of rules and regulations, you could just make payments directly to the service providers. And when you log in, the service providers would check to see if you’ve paid up. Simple, right?
Thanks to the revised Payment Service Directive (PSD2), this is becoming increasingly possible. The directive allows your applications to interface with your bank, so you can bypass the middleman altogether. And with banks legally required to comply, this setup is set to become more and more common.
Rethink Personal Data Handling
This could be seen as part of a larger movement to transfer information processing from central servers to client devices. Not only does this improve privacy, but it also automatically ensures GDPR compliance — so it’s a win-win!
Hey, devs and product managers out there! If you find yourself constantly requesting and storing personal data just to take action on behalf of users, it’s time to ask yourself: “Can users do this on their own, on the client side?”